• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • Daily Security Bytes
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Hardware Malware – WSWiR Episode 112

July 11, 2014 By Corey Nachreiner

Tons of Patches, Facebook Botnets, and Infected Hand Scanners

After a couple weeks of hiatus, we’re finally back with our weekly security news summary video. If you want to learn about all the week’s important security news from one convenience resource, this is the place to get it.

This episode covers the latest popular software security updates from the last two weeks, and interesting Litecoin mining botnet that Facebook helped eradicate, and an advanced attack campaign that leverages pre-infected hardware products. Watch the video for the details, and check out the Reference’s for more information, and links to many other interesting InfoSec stories.

Enjoy your summer weekend, and stay safe!

(Episode Runtime: 7:37)

Direct YouTube Link: https://www.youtube.com/watch?v=oAHYUW1KkM0

Episode References:

  • Microsoft’s July Patch Day
    • Microsoft July Patch notification – Microsoft
    • Microsoft IE alert fixes over 20 vulnerabilities – WGSC
    • Windows updates fix Journal flaw and more –  WGSC
    • Minor Service Bus issue likely only affects few –  WGSC
    • Microsoft SSL certificate security advisory – Microsoft
  • Apple’s June Patches
    • Apple security updates summary page – Apple
    • Apple’s June OS X security updates – Apple
    • Apple’s June Safari security update – Apple
    • iOS 7.1.2 security update – Apple
    • Apple TV June security update – Apple
  • Adobe Patch Day
    • Adobe patches Rosetta Flash – WGSC
    • Michele Spagnuolo blog post on Rosetta Flash – Miki.it
  • Facebook helps thwart Lecpetex Litecoin botnet – Facebook
  • Zombie Zero: Malware found in Chinese Inventory Scanners – Network World
    • TrapX report or Hand Held Scanners attack campaign – TrapX
    • Dark Reading covers Zombie Zer0 – Dark Reading

Extras:

  • US arrests accused Russia CC hacker; Russia claims kidnapping – Krebs on Security
  • Microsoft botnet shutdown had collateral damage on No-IP – SC Magazine
  • EFF sues NSA for using 0day – Network World
  • The NSA gathers far more info from general Internet users than it does targeted foreign national – The Washington Post
  • HotelHippo shut down after discovery of security flaws on site – SC Magazine
  • Accused UK hacker jailed for refusing to hand over his password and crypto keys – The Register
  • Google Glass can steal passwords from 10ft away (hyperbole?) – We Live Security
  • DoHS accuses Chinese attackers of hacking records from Office of Personnel Management – NY Times
    • Kerry says Chinese hackers didn’t get any sensitive info – NBC News
  • New PoS botnet surfaced on the underground in May – The Register
    • PoS Botnet leverages RDP – SC Magazine
  • Google patched a Drive file leaking vulnerability – Naked Security
  • Flaw in smart bulbs could leak Wifi passwords – Ars Technica
  • Google blocks a lot of unauthorized digital certificates from India – Google
  • Dragonfly ICS malware affects global energy companies – IT Portal
    • Older F-Secure story – The Register
    • Gizmodo also covers this story – Gizmodo
  • Latest iOS jailbreak supports iOS 7.1.2 – CNET
  • Hijack Hunter; a comparable tool to HijackThis – Ghacks
  • Cloud Remote Access and common password allowed attacker in – Computer World
  • Cisco Unified Communications have hard coded SSH key (backdoor) – The Register
    • Patch for Cisco UC backdoor – Cisco
  • MiniDuke authors seem to target drug dealers – The Guardian
  • CosmicDuke targets drug dealers and military contractors – Techweek
  • Dailymotion hijacked to serve Drive-by Download… again! – Network World
  • Zeus will never die (re-emerges after a takedown) – Ars Technica
  • Tinba malware source code leak – CSIS
    • Tinba malware analysis – Trend Micro

— Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Uncategorized Tagged With: Adobe, Apple, botnet, Brian Krebs, Facebook, Hacking, hardware hacks, Infosec news, Internet Explorer, Krebs on Security, Lecpetex, Microsoft, Rosetta Flash, Safari, Security breach, Software vulnerabilities, TrapX, Updates and patches, Windows Journal, word, xss, Zombie Zero

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • USA’s Answer to GDPR
  • Rolling PWN
  • Hacker Summer Camp 2022

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Hacker Summer Camp 2022
  • Private Sector Offensive Actors
  • USA’s Answer to GDPR
  • Rolling PWN
  • Over a Billion Records Leaked in Shanghai National Police Database Hack
View All

Search

Archives

Copyright © 2022 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use